Summary: Differences between 9.3 and later versions

jcarroll65 at cfl.rr.com jcarroll65 at cfl.rr.com
Tue Feb 23 15:22:17 UTC 2010


This mailing list rocks. 

Many thanks to Stephane Bortzmeyer and Jay Ford. Both where spot on with "allow-query". Now BIND 9.7 resolves to the outside.

JC

---- jcarroll65 at cfl.rr.com wrote: 
> Please do not crucify me.
> 
> Due to an security audit I have been given the task of upgrading our BIND from 9.3 to a new version (9.7 is preferred). Using the package from sunfreeware.com (Solaris 10/X86) the upgrade seem to work well. However, whenever someone tries to nslookup (or dig) an external site (i.e. cnn.com) they get REFUSED. If I back down to the 9.3 version all is well. I've tried to find what new security feature is required, but alas I can't seem to get it. What changes affect resolving outside sites?
> 
> JC




More information about the bind-users mailing list